To completely disable the FTP access on the server follow the below steps:

root@server[#] vi /etc/csf/csf.conf

Search for the lines:
# Allow incoming TCP ports
TCP_IN =
and remove the port 21 from the list
Save and quit.

And then restart the CSF firewall using the below command:

root@server[#] csf -r

If you want to block FTP access for a Specific IP then follow the below steps:

root@server[#] vi /etc/csf/csf.deny

and add the line :
tcp:in:d=21:s=10.10.10.10

save and quit

And then restart CSF firewall using the below command:

root@server[#] csf -r

If you want to allow FTP access for only one ip on the server and denied for all other IPS

root@server[#] vi /etc/csf/csf.conf

Then search for the line:
# Allow incoming TCP ports
and the remove the ports : 21 and 22

also search for the line :

# Allow outgoing TCP ports
and remove the ports: 21 and 22

Save and quit

Then open the csf.allow file

root@server[#] vi /etc/csf/csf.allow
and add the entry as :

tcp:in:d=21:s=10.10.10.10

Save and Quit.

And then restart the CSF service

root@server[#] csf -r

Note: Replace the IP 10.10.10.10 with the Actual IP.